--check /api/getItem/
local iputils = require("resty.iputils")
local whitelist_ips = {
        "59.42.24.0/22", -- office
        "47.96.188.198", -- t-pdd
	"116.62.119.31", -- t-pdd1       
        "116.62.231.140",  -- t
        "47.96.158.186", -- t1
        "47.96.184.200", -- t2
        "120.26.194.95", -- tb1
        "114.55.146.233", -- tb2
        "121.41.168.222", -- tb3
	"118.178.127.82", -- yjsc-server-01
	"116.62.48.112", -- yjsc-server-02
	"120.27.245.110", -- yjsc-server-03
        "118.178.91.215", -- yjsc-server-04
        "120.27.154.72", -- app-up
        "114.215.252.24", -- ons
        "121.199.183.85" -- shujubao aliexpress
	"39.98.95.196" --jushita-ons
}


local headers = ngx.req.get_headers()
local client_ip = headers["X-FORWARDED-FOR"] or ngx.var.remote_addr or headers["X-REAL-IP"]

string.split = function(s, p)
    local rt= {}
    string.gsub(s, '[^'..p..']+', function(w) table.insert(rt, w) end )
    return rt
end

function get_client_ip()
        local headers = ngx.req.get_headers()
        local client_ip = headers["X-FORWARDED-FOR"] or ngx.var.remote_addr or headers["X-REAL-IP"]
        if #client_ip > 15 then
                return string.split(client_ip,',')[1]
        end
        return client_ip
end

whitelist = iputils.parse_cidrs(whitelist_ips)
if not iputils.ip_in_cidrs(get_client_ip()  , whitelist) then
        return ngx.exit(ngx.HTTP_FORBIDDEN)
end
